LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is risk management in a security context, and why is it framed as a process?

It's the continuous practice of identifying, assessing, and treating risks — ongoing because the threat landscape never stops changing.

Four-stage loop: Identify, Assess, Treat, Review — repeating as the threat landscape changes.

* Risk management as a continuous cycle: identify, assess, treat, review. *

Risk management means systematically asking: What could go wrong? How likely is it? How bad would it be? What do we do about it? — and then choosing to mitigate, transfer (e.g. insurance), accept, or avoid each risk.

It's a process, not a one-off, because new threats, systems, and business changes constantly create new risks. A risk assessment from two years ago is stale. Hence organizations run a recurring risk-management process with periodic review.

Tip: You can never reach zero risk — the goal is to reduce risk to an acceptable level given your resources, and to consciously decide which residual risks to accept.

Go deeper:

From Quiz: INTROL / Strategy & Tactics in Cyber Security | Updated: Jul 05, 2026